public abstract class IvoaAuthScheme extends Object implements AuthScheme
standard_id
challenge parameter,
is separable from the type of AuthContext that is produced.
It matches challenges of the form
WWW-Authenticate: <schemeName>
standard_id=<login-protocol-name>,
access_url=<login-url>
Modifier and Type | Class and Description |
---|---|
static interface |
IvoaAuthScheme.AuthReader<T>
Knows how to acquire specific authentication information
from an open URL connection.
|
Modifier and Type | Field and Description |
---|---|
static String |
ACCESSURL_PARAM
Parameter name for the SSO login URL ("access_url").
|
static String |
STANDARDID_PARAM
Parameter name for the SSO login protocol standard id ("standard_id").
|
Modifier | Constructor and Description |
---|---|
protected |
IvoaAuthScheme(String schemeName)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
ContextFactory |
createContextFactory(Challenge challenge,
URL url)
Attempts to return an object that can take user input to generate
an AuthContext based on a given challenge.
|
protected abstract ContextFactory |
createContextFactory(LoginProtocol loginProto,
URL accessUrl,
URL challengeUrl)
Creates a ContextFactory for this scheme with a given
login protocol instance.
|
String |
getName()
Returns a human-readable name identifying the authentication
scheme implemented by this object.
|
static HttpURLConnection |
getSuccessResponse(LoginProtocol loginProto,
AuthScheme authScheme,
URL loginUrl,
UserInterface ui)
Utility method that attempts to acquire a successful HTTP response
from a login URL given a login protocol, with credential input
from the user.
|
static <A> A |
readAuth(LoginProtocol loginProto,
AuthScheme authScheme,
URL loginUrl,
UserInterface ui,
IvoaAuthScheme.AuthReader<A> authReader)
Utility method that acquires authentication information
from a login URL given a login protocol, with credential input
from the user.
|
public static final String STANDARDID_PARAM
public static final String ACCESSURL_PARAM
protected IvoaAuthScheme(String schemeName)
schemeName
- scheme name as presented in challengepublic String getName()
AuthScheme
auth-scheme
token from an RFC7235 challenge (for instance "Basic" for Basic
authentication), but a different value may be used if required
to distinguish it from other instances.getName
in interface AuthScheme
public ContextFactory createContextFactory(Challenge challenge, URL url) throws BadChallengeException
AuthScheme
Note that this method should just examine the syntax of the supplied challenge; it is not expected to make network connections etc to determine if context creation will be successful.
createContextFactory
in interface AuthScheme
challenge
- authentication challenge objecturl
- URL with which the challenge is associatedBadChallengeException
- if the challenge scheme etc
indicates that it is destined for this AuthScheme,
but the challenge is not of the correct formprotected abstract ContextFactory createContextFactory(LoginProtocol loginProto, URL accessUrl, URL challengeUrl) throws BadChallengeException
loginProto
- login protocolaccessUrl
- login URLchallengeUrl
- URL from which the challenge was receivedBadChallengeException
public static HttpURLConnection getSuccessResponse(LoginProtocol loginProto, AuthScheme authScheme, URL loginUrl, UserInterface ui) throws IOException
This method manages user interaction by retrying if appropriate on 401/403 response codes, and returns a response with a 200 code. Authentication schemes for which this is not appropriate are free to manage user interaction without use of this method.
loginProto
- login protocolauthScheme
- authentication scheme (used for messaging)loginUrl
- URL at which credentials can be swapped for a tokenui
- user interface for supplying credentialsIOException
- if some communications failed;
in this case retry is not expected to helppublic static <A> A readAuth(LoginProtocol loginProto, AuthScheme authScheme, URL loginUrl, UserInterface ui, IvoaAuthScheme.AuthReader<A> authReader)
This method manages user interaction using
getSuccessResponse
and either succeeds in returning the desired information
or returns null; in the latter case the user is messaged appropriately.
loginProto
- login protocolauthScheme
- authentication scheme, used for messagingloginUrl
- URL at which credentials can be swapped for a tokenui
- user interface for supplying credentialsauthReader
- acquires auth info from a URL connectionCopyright © 2024 Central Laboratory of the Research Councils. All Rights Reserved.